Vulnerability Description
A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Aironet 1542D Firmware | 017.006\(001\) |
| Cisco | Aironet 1542D | - |
| Cisco | Aironet 1542I Firmware | 017.006\(001\) |
| Cisco | Aironet 1542I | - |
| Cisco | Aironet 1562I Firmware | 017.006\(001\) |
| Cisco | Aironet 1562I | - |
| Cisco | Aironet 1562E Firmware | 017.006\(001\) |
| Cisco | Aironet 1562E | - |
| Cisco | Aironet 1562D Firmware | 017.006\(001\) |
| Cisco | Aironet 1562D | - |
| Cisco | Aironet 1815I Firmware | 017.006\(001\) |
| Cisco | Aironet 1815I | - |
| Cisco | Aironet 1815M Firmware | 017.006\(001\) |
| Cisco | Aironet 1815M | - |
| Cisco | Aironet 1815T Firmware | 017.006\(001\) |
| Cisco | Aironet 1815T | - |
| Cisco | Aironet 1815W Firmware | 017.006\(001\) |
| Cisco | Aironet 1815W | - |
| Cisco | Aironet 1830 Firmware | 017.006\(001\) |
| Cisco | Aironet 1830 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aVendor Advisory
FAQ
What is CVE-2022-20728?
CVE-2022-20728 is a vulnerability with a CVSS score of 4.7 (MEDIUM). A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative...
How severe is CVE-2022-20728?
CVE-2022-20728 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-20728?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Aironet 1542D Firmware, Cisco Aironet 1542D, Cisco Aironet 1542I Firmware, Cisco Aironet 1542I, Cisco Aironet 1562I Firmware.